On Wednesday, February 16, 2022, lawmakers in Oklahoma and Wisconsin held hearings on bills to increase consumer data privacy protections. Despite the good intentions, both bills join a litany of bills that will ultimately do consumers more harm than good. To adequately protect consumer privacy, instead of adopting a state-based piecemeal privacy regime, state lawmakers should instead lobby their federal counterparts in Congress to adopt a national standard. privacy of consumer data.
The Oklahoma and Wisconsin bills, HB 2969 and AB 957 respectively, are just two of many pieces of legislation being considered across the country by individual state legislatures during the current legislative session. Like their counterparts in other states, the Oklahoma and Wisconsin bills provide data privacy protections and restrictions unique to their states. If passed, they would contribute to the growing mishmash of state-level data privacy laws.
Currently, three states, California, Colorado, and Virginia, have passed comprehensive data privacy bills, and more are expected to follow. According to an analysis by the Information Technology and Innovation Foundation, if the remaining 47 states passed their own data privacy laws, it would cost consumers and producers more than $1 billion more than having a national framework. single over 10 years.
The establishment of radically different laws in each state makes compliance nearly impossible for businesses. A company doing business in California and Virginia, for example, must adapt its online presence in the two states to comply with the dramatically different requirements of the two states. Complications will continue to grow as more states add to the patchwork with their own unique bills. The significant compliance costs alone should serve as a warning against later enactment of state-specific data privacy legislation.
Commerce does not stop at state borders and the Internet does not recognize national and local boundaries. Due to the interstate nature of the Internet, the power to regulate online activities should rest with Congress, not the states. The Commerce Clause of the Constitution gives Congress the power to regulate actions that cross state lines. Therefore, instead of enacting laws that will not protect their residents, state lawmakers should pressure their congressional counterparts to adopt a national data privacy framework.
On November 8, 2018, Citizens Against Government Waste submitted guidelines to the National Information and Telecommunications Administration providing recommendations for a national privacy framework that will work across the country now and in the future. Some of the key points that should be included in any privacy law include:
- A National Privacy Framework
- Consumer choice and control
- Data minimization and contextuality
- Data Security and Breach Notification
Ultimately, only a national framework established by Congress can adequately and appropriately provide consumers with the data privacy protections they need and want. Instead of enacting bills that will not provide adequate protection to their residents, state legislators should ask Congress to pass a comprehensive national data privacy law.